I'm in the process of updating all our FTD's from Snort2 to Snort3 & almost everything appears to work, except SMTP/S email. Under Snort2 it shows in event logs as SMTP/S Client traffic type correctly, but when Snort3 is enabled, it does not recognise...
This is just a piece of info. I recently started our next round of Cisco Gold Star upgrades due to v7.0.5 having a DoS attack vulnerability. I initially upgraded 3 HA pairs of FPR-2120, followed by an HA pair FPR-2140's in middle of December 2023. Toda...
I have a bunch of FTD's around the globe all managed by FMC, they are v7.x code. The ones local to the Netflow collector (as in same subnet address range) work as expected, the ones in remote locations don't. The ASA's they replaced used to send Netfl...
I have a pair of 2140's running v7.2.5+Hotfix code, setup as HA Pair. 10Gbps Cisco SFP's to Cisco switch (same setup in 3 other locations on v7.0.5 with no issues). My switch reports no LACP on remote end when shut/no shut issued on the etherchannel ...
A web-based product allows users to create a large ZIP file & when it's ready it mails them a link to retrieve it. Works great under Snort2. But I recently upgraded a set of FTD's to v7.2.5 + HotFix & Snort3, as per Cisco's current GoldStar version & ...
Did you ever follow up with TAC about this? Or find an answer? We are using the same version & just ran into this same problem. Had it a few years ago with early Snort3, so went back to Snort2, but that is no longer an option. Thanks for any update....
Just had a very similar issue & lots of checking with TAC, but I finally found the culprit on my own. In v7.x Cisco introduced the "TLS Server Identity Discovery"; it's in Policy under Advanced. When Enabled it breaks the SFtunnel comms if the FMC is b...
Thanks, but it's not an Intrusion block, as per the trace above it's an AppID issue "AppID: service: (-1)" Where -1 I believe means Unknown Application, as that is how it shows in FMC log. I've now logged a ticket with Cisco, so I can continue bein...
No, Snort detected my manual Putty attempt to prove the trace was working as Telnet, because it was. But some actual email is not recognised, but was under Snort2!? I have had a look back at our Syslog & can see the same SRC->DST being allowed righ...